panic: attempt to execute user address 0x0 in supervisor mode
Stopped at db_enter+0x18: addq $0x8,%rsp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*299839 95362 0 0 0x4000000 0 syz-executor.1
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
pageflttrap() at pageflttrap+0x3eb
kerntrap(ffff80001573e2a0) at kerntrap+0xdb sys/arch/amd64/amd64/trap.c:287
alltraps_kern_meltdown(6,ffff800014b0b000,fffffd802e6ea708,10,ffff800000025010,ffff80001573e508) at alltraps_kern_meltdown+0x7b
0(b,ffff80001573e468,83,ffff80001573e508,0,b) at 0
rt_match(fffffd803700fc88,0,1,0) at rt_match+0xbe rt_clone sys/net/route.c:266 [inline]
rt_match(fffffd803700fc88,0,1,0) at rt_match+0xbe sys/net/route.c:242
in_pcbselsrc(ffff80001573e5e0,fffffd802dbfdc20,fffffd803700fc08) at in_pcbselsrc+0x219 sys/netinet/in_pcb.c:934
in_pcbconnect(fffffd803700fc08,fffffd802dbfdc00) at in_pcbconnect+0x107 sys/netinet/in_pcb.c:492
udp_usrreq(fffffd803c16fc60,4,0,fffffd802dbfdc00,0,ffff8000ffff2c70) at udp_usrreq+0x560
sys_connect(ffff8000ffff2c70,ffff80001573e768,ffff80001573e7b0) at sys_connect+0x3df sys/kern/uipc_syscalls.c:388
syscall(ffff80001573e830) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,fffffffffffffed2,0,3,39048b16010) at Xsyscall+0x128
end of kernel
end trace frame: 0x39309f40b00, count: 2
https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs.
ddb> ddb> set $lines = 0 ddb> set $maxwidth = 0 ddb> show panic attempt to execute user address 0x0 in supervisor mode ddb> trace db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398 panic() at panic+0x15c sys/kern/subr_prf.c:207 pageflttrap() at pageflttrap+0x3eb kerntrap(ffff80001573e2a0) at kerntrap+0xdb sys/arch/amd64/amd64/trap.c:287 alltraps_kern_meltdown(6,ffff800014b0b000,fffffd802e6ea708,10,ffff800000025010,ffff80001573e508) at alltraps_kern_meltdown+0x7b 0(b,ffff80001573e468,83,ffff80001573e508,0,b) at 0 rt_match(fffffd803700fc88,0,1,0) at rt_match+0xbe rt_clone sys/net/route.c:266 [inline] rt_match(fffffd803700fc88,0,1,0) at rt_match+0xbe sys/net/route.c:242 in_pcbselsrc(ffff80001573e5e0,fffffd802dbfdc20,fffffd803700fc08) at in_pcbselsrc+0x219 sys/netinet/in_pcb.c:934 in_pcbconnect(fffffd803700fc08,fffffd802dbfdc00) at in_pcbconnect+0x107 sys/netinet/in_pcb.c:492 udp_usrreq(fffffd803c16fc60,4,0,fffffd802dbfdc00,0,ffff8000ffff2c70) at udp_usrreq+0x560 sys_connect(ffff8000ffff2c70,ffff80001573e768,ffff80001573e7b0) at sys_connect+0x3df sys/kern/uipc_syscalls.c:388 syscall(ffff80001573e830) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555 Xsyscall(6,0,fffffffffffffed2,0,3,39048b16010) at Xsyscall+0x128 end of kernel end trace frame: 0x39309f40b00, count: -13 ddb> show registers rdi 0xffffffff811edc87 db_enter+0x17 rsi 0x2291 __ALIGN_SIZE+0x1291 rbp 0xffff80001573e110 rbx 0xffff80001573e1c0 rdx 0x2292 __ALIGN_SIZE+0x1292 rcx 0xffff800014b0b000 rax 0xffff800014b0b000 r8 0xffff80001573e0d0 r9 0x1 r10 0xffff800000af7e40 r11 0x2c02656d9c1f456b r12 0x3000000008 r13 0xffff80001573e120 r14 0x100 r15 0x1 rip 0xffffffff811edc88 db_enter+0x18 cs 0x8 rflags 0x246 rsp 0xffff80001573e100 ss 0x10 db_enter+0x18: addq $0x8,%rsp ddb> show proc PROC (syz-executor.1) pid=299839 stat=onproc flags process=0 proc=4000000 pri=80, usrpri=80, nice=20 forw=0xffffffffffffffff, list=0xffff8000ffff33d8,0xffffffff82558bf8 process=0xffff8000ffff6d90 user=0xffff800015739000, 
vmspace=0xfffffd803f013440 estcpu=36, cpticks=0, pctcpu=0.0 user=0, sys=0, intr=0 ddb> ps PID TID PPID UID S FLAGS WAIT COMMAND 95362 234685 15229 0 2 0 syz-executor.1 *95362 299839 15229 0 7 0x4000000 syz-executor.1 98965 460125 26979 0 2 0 syz-executor.0 98965 129157 26979 0 3 0x4000080 fsleep syz-executor.0 26979 52357 93901 0 3 0x82 nanosleep syz-executor.0 15229 458570 93901 0 3 0x82 nanosleep syz-executor.1 73594 215852 0 0 3 0x14200 bored sosplice 93901 397260 89347 0 3 0x82 thrsleep syz-fuzzer 93901 519434 89347 0 3 0x4000082 thrsleep syz-fuzzer 93901 377591 89347 0 3 0x4000082 kqread syz-fuzzer 93901 140548 89347 0 3 0x4000082 thrsleep syz-fuzzer 93901 183243 89347 0 3 0x4000082 thrsleep syz-fuzzer 93901 230943 89347 0 3 0x4000082 thrsleep syz-fuzzer 93901 180636 89347 0 3 0x4000082 thrsleep syz-fuzzer 93901 186033 89347 0 3 0x4000082 thrsleep syz-fuzzer 89347 256195 32631 0 3 0x10008a pause ksh 32631 255729 39331 0 3 0x92 select sshd 32721 216582 1 0 3 0x100083 ttyin getty 39331 435347 1 0 3 0x80 select sshd 52494 26972 33947 73 3 0x100090 kqread syslogd 33947 216444 1 0 3 0x100082 netio syslogd 92424 426019 1 77 3 0x100090 poll dhclient 15387 160126 1 0 3 0x80 poll dhclient 63311 206375 0 0 2 0x14200 zerothread 94868 159315 0 0 3 0x14200 aiodoned aiodoned 75968 407331 0 0 3 0x14200 syncer update 51650 297363 0 0 3 0x14200 cleaner cleaner 82173 129357 0 0 3 0x14200 reaper reaper 40697 363679 0 0 3 0x14200 pgdaemon pagedaemon 39434 217284 0 0 3 0x14200 bored crynlk 38519 220318 0 0 3 0x14200 bored crypto 20741 317721 0 0 3 0x40014200 acpi0 acpi0 34733 21785 0 0 3 0x14200 bored softnet 78183 291815 0 0 3 0x14200 bored systqmp 99383 123538 0 0 3 0x14200 bored systq 27003 307861 0 0 3 0x40014200 bored softclock 85296 505543 0 0 3 0x40014200 idle0 6086 239071 0 0 3 0x14200 bored smr 1 260624 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb> show all locks No such command ddb> show malloc Type InUse MemUse HighUse Limit Requests Type Lim Kern Lim 
devbuf 9646 7120K 8858K 78643K 132740 0 0 pcb 13 12K 14K 78643K 8233 0 0 rtable 148 14K 15K 78643K 13633 0 0 ifaddr 122 33K 38K 78643K 4069 0 0 counters 19 16K 16K 78643K 19 0 0 ioctlops 0 0K 2K 78643K 1356 0 0 iov 0 0K 32K 78643K 5465 0 0 mount 1 1K 1K 78643K 1 0 0 vnodes 1231 77K 78K 78643K 38809 0 0 UFS quota 1 32K 32K 78643K 1 0 0 UFS mount 5 36K 36K 78643K 5 0 0 shm 2 1K 9K 78643K 376 0 0 VM map 2 0K 0K 78643K 146 0 0 sem 12 0K 0K 78643K 3545 0 0 dirhash 12 2K 2K 78643K 12 0 0 ACPI 1793 195K 288K 78643K 12645 0 0 file desc 6 17K 25K 78643K 23449 0 0 sigio 0 0K 0K 78643K 246 0 0 proc 50 38K 63K 78643K 8316 0 0 subproc 32 2K 2K 78643K 2553 0 0 NFS srvsock 1 0K 0K 78643K 1 0 0 NFS daemon 1 16K 16K 78643K 1 0 0 ip_moptions 0 0K 0K 78643K 1422 0 0 in_multi 34 2K 2K 78643K 2310 0 0 ether_multi 1 0K 0K 78643K 119 0 0 mrt 0 0K 0K 78643K 152 0 0 ISOFS mount 1 32K 32K 78643K 1 0 0 MSDOSFS mount 1 16K 16K 78643K 1 0 0 ttys 120 530K 530K 78643K 120 0 0 exec 0 0K 1K 78643K 4579 0 0 pfkey data 0 0K 0K 78643K 2 0 0 pagedep 1 8K 8K 78643K 1 0 0 inodedep 1 32K 32K 78643K 1 0 0 newblk 1 0K 0K 78643K 1 0 0 VM swap 7 26K 26K 78643K 7 0 0 UVM amap 157 24K 34K 78643K 59700 0 0 UVM aobj 130 4K 4K 78643K 199 0 0 memdesc 1 4K 4K 78643K 1 0 0 crypto data 1 1K 1K 78643K 1 0 0 ip6_options 0 0K 1K 78643K 4981 0 0 NDP 28 0K 1K 78643K 1309 0 0 temp 282 3538K 4184K 78643K 602824 0 0 kqueue 0 0K 0K 78643K 144 0 0 SYN cache 2 16K 16K 78643K 2 0 0 ddb> show all pools Name Size Requests Fail Releases Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle arp 64 399 0 393 1 0 1 1 0 8 0 rtpcb 80 1851 0 1849 1 0 1 1 0 8 0 rtentry 112 2323 0 2271 2 0 2 2 0 8 0 unpcb 120 9294 0 9257 26 24 2 2 0 8 0 syncache 264 97 0 97 46 46 0 1 0 8 0 sackhl 24 16 0 16 11 11 0 1 0 8 0 tcpqe 32 7619 0 7619 25 25 0 1 0 8 0 tcpcb 544 7648 0 7644 48 47 1 16 0 8 0 ipq 40 146 0 146 59 58 1 1 0 8 1 ipqe 40 317 0 317 59 58 1 1 0 8 1 inpcb 280 39023 0 39015 123 121 2 13 0 8 1 rttmr 72 37 0 36 10 9 1 1 0 8 0 ip6q 72 7 0 7 7 7 0 1 0 8 0 
ip6af 40 4 0 4 2 2 0 1 0 8 0 nd6 48 326 0 323 21 20 1 1 0 8 0 pkpcb 40 105 0 105 35 35 0 1 0 8 0 swfcl 56 10 0 0 1 0 1 1 0 8 0 ppxss 1128 524 0 524 89 88 1 1 0 8 1 art_heap8 4096 68 0 67 34 33 1 3 0 8 0 art_heap4 256 9722 0 9403 80 58 22 22 0 8 0 art_table 32 9790 0 9470 4 1 3 3 0 8 0 art_node 16 2262 0 2216 1 0 1 1 0 8 0 sysvmsgpl 40 40 0 24 2 1 1 1 0 8 0 semapl 112 3543 0 3533 1 0 1 1 0 8 0 shmpl 112 197 0 69 6 2 4 4 0 8 0 dirhash 1024 17 0 0 3 0 3 3 0 8 0 dino1pl 128 37959 0 36511 47 0 47 47 0 8 0 ffsino 240 37959 0 36511 87 1 86 86 0 8 0 nchpl 144 71050 0 69356 63 0 63 63 0 8 0 uvmvnodes 72 11325 0 0 206 0 206 206 0 8 0 vnodes 208 11325 0 0 597 0 597 597 0 8 0 namei 1024 264956 0 264956 15 14 1 1 0 8 1 vmpool 520 144 0 144 52 52 0 1 0 8 0 scsiplug 64 19 0 19 14 14 0 1 0 8 0 scxspl 192 303636 0 303636 121 120 1 7 0 8 1 plimitpl 152 2071 0 2064 1 0 1 1 0 8 0 sigapl 432 23179 0 23165 2 0 2 2 0 8 0 futexpl 56 636943 0 636942 15 14 1 1 0 8 0 knotepl 112 6476 0 6457 7 6 1 3 0 8 0 kqueuepl 104 6268 0 6266 10 9 1 4 0 8 0 pipepl 112 12874 0 12855 39 38 1 2 0 8 0 fdescpl 424 23180 0 23165 2 0 2 2 0 8 0 filepl 120 197116 0 197018 97 93 4 11 0 8 1 lockfpl 104 9152 0 9151 1 0 1 1 0 8 0 lockfspl 48 3146 0 3145 1 0 1 1 0 8 0 sessionpl 112 164 0 154 1 0 1 1 0 8 0 pgrppl 48 358 0 348 1 0 1 1 0 8 0 ucredpl 96 25847 0 25836 1 0 1 1 0 8 0 zombiepl 144 23184 0 23184 3 2 1 1 0 8 1 processpl 864 23214 0 23184 4 0 4 4 0 8 0 procpl 632 51426 0 51387 10 6 4 5 0 8 0 sosppl 128 371 0 371 87 86 1 1 0 8 1 sockpl 384 50925 0 50878 184 177 7 22 0 8 2 mcl64k 65536 11052 0 11049 700 687 13 64 0 8 12 mcl16k 16384 260 0 260 92 92 0 1 0 8 0 mcl12k 12288 657 0 657 57 56 1 1 0 8 1 mcl9k 9216 722 0 722 58 58 0 1 0 8 0 mcl8k 8192 1292 0 1292 35 34 1 1 0 8 1 mcl4k 4096 2546 0 2546 20 19 1 1 0 8 1 mcl2k2 2112 211 0 211 91 91 0 1 0 8 0 mcl2k 2048 100952 0 100909 81 74 7 18 0 8 1 mtagpl 80 11115 0 11054 109 107 2 8 0 8 0 mbufpl 256 379351 0 378986 649 622 27 68 0 8 3 bufpl 256 110685 0 99360 709 1 708 708 
0 8 0 anonpl 16 2738149 0 2722440 487 412 75 83 0 62 0 amapchunkpl 152 122297 0 122180 349 343 6 19 0 158 1 amappl16 192 147760 0 146754 1010 956 54 64 0 8 2 amappl15 184 4027 0 4027 21 21 0 1 0 8 0 amappl14 176 7017 0 7013 2 1 1 1 0 8 0 amappl13 168 1013 0 1013 18 18 0 1 0 8 0 amappl12 160 3409 0 3404 1 0 1 1 0 8 0 amappl11 152 3379 0 3368 1 0 1 1 0 8 0 amappl10 144 2640 0 2637 9 8 1 1 0 8 0 amappl9 136 4395 0 4387 1 0 1 1 0 8 0 amappl8 128 3765 0 3691 5 2 3 3 0 8 0 amappl7 120 3234 0 3226 1 0 1 1 0 8 0 amappl6 112 3003 0 2987 1 0 1 1 0 8 0 amappl5 104 4827 0 4817 1 0 1 1 0 8 0 amappl4 96 19323 0 19286 1 0 1 1 0 8 0 amappl3 88 9920 0 9915 1 0 1 1 0 8 0 amappl2 80 178729 0 178651 4 2 2 3 0 8 0 amappl1 72 441751 0 441328 28 19 9 20 0 8 0 amappl 80 54190 0 54150 2 0 2 2 0 84 0 dma4096 4096 1 0 1 1 1 0 1 0 8 0 dma256 256 6 0 6 1 1 0 1 0 8 0 dma128 128 253 0 253 1 1 0 1 0 8 0 dma64 64 6 0 6 1 1 0 1 0 8 0 dma32 32 7 0 7 1 1 0 1 0 8 0 dma16 16 17 0 17 1 1 0 1 0 8 0 aobjpl 64 198 0 69 3 0 3 3 0 8 0 uaddrrnd 24 23324 0 23165 1 0 1 1 0 8 0 uaddrbest 32 2 0 0 1 0 1 1 0 8 0 uaddr 24 23324 0 23165 1 0 1 1 0 8 0 vmmpekpl 168 140970 0 140946 2 0 2 2 0 8 0 vmmpepl 168 2835628 0 2833399 1361 1227 134 144 0 357 30 vmsppl 272 23179 0 23165 19 18 1 2 0 8 0 pdppl 4096 46654 0 46618 7 2 5 6 0 8 0 pvpl 32 7896338 0 7877401 1545 1358 187 303 0 265 16 pmappl 200 23323 0 23309 1 0 1 1 0 8 0 extentpl 40 41 0 26 1 0 1 1 0 8 0 phpool 112 2581 0 1704 32 5 27 27 0 8 0